CVE-2010-3483

Primitive CMS 1.0.9 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3483. PoCs published by Stephan Sattler.

AI-analyzed exploit summary The exploit details multiple vulnerabilities in Primitive CMS 1.0.9, including unauthorized access, HTML injection, and blind SQL injection. It provides vulnerable code snippets and PoC examples for SQL injection via POST parameters.

Description

cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.

Exploits (1)

exploitdb WRITEUP
by Stephan Sattler · textwebappsphp
https://www.exploit-db.com/exploits/15064

The exploit details multiple vulnerabilities in Primitive CMS 1.0.9, including unauthorized access, HTML injection, and blind SQL injection. It provides vulnerable code snippets and PoC examples for SQL injection via POST parameters.

Classification
Writeup 90%
Attack Type
Sqli | Auth Bypass | Xss
Complexity
Trivial
Reliability
Reliable
Target: Primitive CMS 1.0.9
No auth needed
Prerequisites: Access to the target CMS installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2458
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15064
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41515

Scores

EPSS 0.0234
EPSS Percentile 81.5%

Details

CWE
CWE-264
Status published
Products (1)
bouzouste/primitive_cms 1.0.9
Published Sep 22, 2010
Tracked Since Feb 18, 2026